P
US10454973B2ActiveUtilityPatentIndex 73

Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods

Assignee: ONETRUST LLCPriority: Jun 10, 2016Filed: Oct 12, 2018Granted: Oct 22, 2019
Est. expiryJun 10, 2036(~9.9 yrs left)· nominal 20-yr term from priority
Inventors:BARDAY KABIR AKARANJKAR MIHIR SFINCH STEVEN WBROWNE KEN AHEARD NATHAN WPATEL AAKASH HSABOURIN JASON LDANIEL RICHARD LPATTON-KUHL DYLAN DJONES KEVINBRANNON JONATHAN BLAKE
G06F 16/95G06N 20/00G06F 21/577G06F 21/552G06F 15/76H04L 63/102G06F 21/6245G06F 16/9038H04L 63/20H04L 41/12
73
PatentIndex Score
4
Cited by
724
References
18
Claims

Abstract

In particular embodiments, a Cross-Border Visualization Generation System is configured to analyze one or more data systems (e.g. data assets), identify data transfers between/among those systems, determine whether any particular regulations apply to the identified data transfers, and generate a visual representation of physical locations of the one or more data systems and the one or more data transfers between them. The system may, for example, color-code one or more lines or indicators showing a transfer of data between a first and second data system The one or more indicators may convey, for example: (1) whether the data transfer is secure; (2) a type or level of security that is applied to the transfers; (3) one or more regulations that apply to the transfer, and/or (4) any other suitable information related to the transfer of particular data between the first and second data system.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented data processing method for generating a visualization of one or more data transfers between one or more data assets, the method comprising:
 identifying one or more data assets associated with a particular entity; 
 analyzing the one or more data assets to identify one or more data elements stored in the identified one or more data assets; 
 defining a plurality of physical locations and identifying, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; 
 analyzing the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; 
 determining one or more regulations that relate to the one or more data transfers; 
 generating a visual representation of the one or more data transfers based at least in part on the one or more regulations; and 
 using at least one data model to identify the one or more data elements stored in the one or more identified data assets, the data model comprising:
 a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes selected from the group consisting of:
 one or more processing activities associated with each respective data asset; 
 transfer data associated with each respective data asset; and 
 one or more pieces of personal data associated with each respective data asset; and 
 
 a data map identifying one or more electronic associations between at least two of the one or more data assets, wherein the method further comprises:
 receiving an attribute value for a particular inventory attribute of the one or more inventory attributes; 
 modifying the respective digital inventory into a modified digital inventory that includes the attribute value; and 
 storing the modified digital inventory as part of the data model. 
 
 
 
     
     
       2. The computer-implemented data processing method of  claim 1 , wherein the one or more data elements comprise the one or more inventory attributes. 
     
     
       3. The computer-implemented data processing method of  claim 2 , wherein determining one or more regulations that relate to the one or more data transfers comprises analyzing the transfer data associated with each respective data asset to identify the one or more regulations. 
     
     
       4. The computer-implemented data processing method of  claim 3 , wherein the one or more regulations comprise one or more transfer restrictions. 
     
     
       5. The computer-implemented data processing method of  claim 4 , wherein:
 the one or more data transfers comprise a first transfer from a first data asset in a first location to a second data asset in a second location; 
 the one or more inventory attributes associated with the first data asset comprise one or more first data storage attributes; and 
 the one or more inventory attributes associated with the second data asset comprise one or more second data storage attributes. 
 
     
     
       6. The computer-implemented data processing method of  claim 5 , wherein:
 the one or more transfer restrictions comprise a first transfer restriction related to the first transfer; and 
 the first transfer restriction comprises a restriction that the one or more second data storage attributes comprise one or more second data security restrictions that are at least as stringent as one or more first data security restrictions associated with the one or more first data storage attributes. 
 
     
     
       7. The computer-implemented data processing of  claim 5 , wherein:
 the one or more regulations comprise a first regulation related to the first transfer; and 
 the first regulation comprises a regulation based at least in part on one or more regulations selected from the group consisting of:
 one or more binding corporate rules; 
 a privacy shield; 
 a safe harbor regulation; and 
 one or more contract provisions. 
 
 
     
     
       8. A computer-implemented data processing method for generating a visualization of one or more data transfers between one or more data assets, the method comprising:
 identifying one or more data assets associated with a particular entity; 
 analyzing the one or more data assets to identify one or more data elements stored in the identified one or more data assets; 
 defining a plurality of physical locations and identifying, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; 
 analyzing the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; 
 determining one or more regulations that relate to the one or more data transfers; 
 generating a visual representation of the one or more data transfers based at least in pan on the one or more regulations; 
 generating a visual representation of a map comprising the plurality of physical locations; 
 superimposing an indicia for each of the one or more data assets that indicates the respective particular physical location of the plurality of physical locations for each of the one or more data assets; and 
 generating a visual indication of the one or more data transfers between the one or more data assets. 
 
     
     
       9. The computer-implemented data processing method of  claim 8 , wherein generating the visual representation of the one or more data transfers further comprises:
 modifying the visual representation such that each visual indication of the one or more data transfers is color coded based at least in part on the one or more regulations. 
 
     
     
       10. The computer-implemented data processing method of  claim 9 , wherein identifying the one or more data elements comprises analyzing the one or more data assets using one or more intelligent identity scanning techniques. 
     
     
       11. The computer-implemented data processing method of  claim 10 , wherein the one or more intelligent identity scanning techniques comprise:
 scanning one or more databases to generate a catalog of one or more individuals and one or more pieces of personal information associated with the one or more individuals; 
 scanning one or more data repositories based at least in part on the generated catalog to identify one or more attributes of data associated with the one or more individuals; 
 analyzing and correlating the one or more attributes and metadata for the scanned one or more data repositories; 
 using one or more machine learning techniques to categorize one or more data elements from the generated catalog; 
 analyzing a flow of the data elements among the one or more data repositories; 
 categorizing the one or more data elements based on a confidence score; 
 receiving input from one or more users confirming or denying a categorization of the one or more data elements; and 
 in response to receiving the input, modifying the confidence score. 
 
     
     
       12. The computer-implemented data processing method of  claim 11 , further comprising:
 providing a software application for installation on a computing device that is networked with one or more data repositories associated with an organization; and 
 providing a communication channel between one or more remote scanning servers and the software application, wherein:
 the software application is configured to communicate with the one or more remote scanning servers via a firewall; and 
 the software application is configured to transmit the one or more attributes of data associated with the one or more individuals to the one or more remote scanning servers. 
 
 
     
     
       13. The computer-implemented data processing method of  claim 12 , wherein:
 the step of categorizing the one or more data elements is performed by the one or more remote scanning servers. 
 
     
     
       14. A computer-implemented data processing method for assessing a risk associated with one or more data transfers between one or more data assets, the method comprising:
 creating a data transfer record for a transfer of data between a first asset in a first location and a second asset in a second location; 
 accessing a set of data transfer rules that are associated with the data transfer record; 
 performing a data transfer assessment based at least in part on applying the set of data transfer rules on the data transfer record; 
 identifying one or more data transfer risks associated with the data transfer record, based at least in part on the data transfer assessment; 
 calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record; and 
 digitally storing the risk score for the data transfer; 
 comparing the risk score for the data transfer to a threshold risk score; 
 determining that the risk score for the data transfer is greater than the threshold risk score; and 
 in response to determining that the risk score for the data transfer is greater than the threshold risk score, terminating the data transfer. 
 
     
     
       15. The computer-implemented data processing method of  claim 14 , further comprising:
 processing the data transfer between the first asset in the first location and the second asset in the second location. 
 
     
     
       16. The computer-implemented data processing method of  claim 14 , wherein the data transfer risks comprise at least one data transfer risk selected from a group consisting of:
 a source location of the data transfer; 
 a destination location of the data transfer; 
 a type of data being transferred; 
 a time of the data transfer; and 
 an amount of data being transferred. 
 
     
     
       17. The computer-implemented data processing method of  claim 14 , wherein processing the data transfer comprises:
 generating a secure link between one or more processors associated with the first asset in the first location and a computing device associated with the second asset in the second location; 
 transferring, via the secure link, the data of the data transfer between the first asset in the first location and the computing device associated with the second asset in the second location; and 
 digitally storing the data of the data transfer at the computing device associated with the second asset in the second location. 
 
     
     
       18. A computer-implemented data processing method for assessing a risk associated with one or more data transfers between one or more data assets, the method comprising:
 creating a data transfer record for a transfer of data between a first asset in a first location and a second asset in a second location; 
 accessing a set of data transfer rules that are associated with the data transfer record; 
 performing a data transfer assessment based at least in part on applying the set of data transfer rules on the data transfer record; 
 identifying one or more data transfer risks associated with the data transfer record, based at least in part on the data transfer assessment; 
 calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record; 
 digitally storing the risk score for the data transfer; 
 comparing the risk score for the data transfer to a threshold risk score; 
 determining that the risk score for the data transfer is less than the threshold risk score; and 
 in response to determining that the risk score for the data transfer is less than the threshold risk score, processing the data transfer between the first asset in the first location and the second asset in the second location.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.